Medicare Compliance & Reimbursement

Don't muddle your compliance with misinterpretations.

Is your organization still struggling to overcome those persistent Health Insurance Portability and Accountability Act (HIPAA) regulation misinterpretations? If you answered 'Yes,' you're not alone. Eli's experts will guide you through some of the most common interpretation gaffes and put you on the correct path to privacy and security rule compliance.

1) Let's Share: It's no surprise that hospitals are encountering strong resistance from smaller providers when they ask to see patient medical records. However, hospitals aren't the only health care providers coming up against this wall.

Home health agencies, nursing homes and other providers are consistently being turned away from accessing patient information, even when such access is required for treatment, says John Gilliland, a partner at Gilliland & Caudill in Indianapolis. "The physician's office will make a referral, but not give these agencies any information about the patient," he explains.

"It is usually an employee who says HIPAA doesn't permit them to send or fax medical records," says Patricia Reilly, the privacy officer at Gracedale Nursing Home in Nazareth, PA. A call to the privacy officer usually remedies the situation, she asserts.

Try this: Document your policies and procedures for sharing patient information across organizations and then train your staff accordingly, experts advise.

While many record requests are flatly denied, just as many of those requests are met with demands for the patient's explicit permission for the release. "Many offices are under the assumption that they can no longer release this information to [other agencies] without a signed authorization from the patient," attests Sherry Wilkerson, compliance manager for Esse Health in St. Louis, MO.

The end result? It boils down to "delayed access to the information needed for effectively taking care of our patients," Wilkerson says.

Tip: When your organization makes referrals to--or receives a request from--an outside agency for the records of a shared patient, ask yourself: How is this agency going to care for my patient without this information? Gilliland suggests. By answering this question, you can easily determine how your organization should respond, he says.

2) Fill-In-The-Blank Forms: Rather than just putting your name on generic forms such as those in regulation guides, really read the material and customize it for your organization, advises Kevin Troutman, an attorney with Fisher & Phillips in New Orleans.

"It's critical that you read the notice and policies and make sure they fit your situation," Troutman warns. Providers have fallen into the habit of simply filling in blanks on policies designed by outside people or institutions, he says.

Warning: Failure to ensure that your documents accurately describe how your organization handles and safeguards PHI could land you in hot regulatory water.

"Fill-in-the-blank forms don't look like a good-faith compliance effort and do look like a [...]